Secrets Management
Best practices for storing and accessing sensitive credentials. Never hardcode secrets in source code.
Syntax
environments-and-security
// Environment variables, vaults, or secret storesExample
environments-and-security
// ✗ NEVER do this:
const apiKey = "sk-abc123secretkey";
// ✓ Use environment variables:
const apiKey = process.env.OPENAI_API_KEY;
// ✓ Validate at startup:
if (!process.env.DATABASE_URL) {
throw new Error("DATABASE_URL environment variable is required");
}
// ✓ Use a vault for production:
// AWS Secrets Manager, HashiCorp Vault, Doppler, 1Password Secrets Automation
// ✓ Rotate secrets regularly and audit access logs